def _parse_auxv(self, note):
t = tube()
t.unrecv(note.n_desc)
for i in range(0, note.n_descsz, context.bytes * 2):
key = t.unpack()
value = t.unpack()
# The AT_EXECFN entry is a pointer to the executable's filename
# at the very top of the stack, followed by a word's with of
# NULL bytes. For example, on a 64-bit system...
#
# 0x7fffffffefe8 53 3d 31 34 33 00 2f 62 69 6e 2f 62 61 73 68 00 |S=14|3./b|in/b|ash.|
# 0x7fffffffeff8 00 00 00 00 00 00 00 00 |....|....| | |
if key == constants.AT_EXECFN:
self.at_execfn = value
value = value & ~0xfff
value += 0x1000
self.stack = value
if key == constants.AT_ENTRY:
self.at_entry = value
if key == constants.AT_PHDR:
self.at_phdr = value
if key == constants.AT_BASE:
self.at_base = value
if key == constants.AT_SYSINFO_EHDR:
self.at_sysinfo_ehdr = value
def _parse_nt_file(self, note):
t = tube()
t.unrecv(note.n_desc)
count = t.unpack()
page_size = t.unpack()
starts = []
addresses = {}
for i in range(count):
start = t.unpack()
end = t.unpack()
offset = t.unpack()
starts.append((start, offset))
for i in range(count):
filename = t.recvuntil('\x00', drop=True)
(start, offset) = starts[i]
for mapping in self.mappings:
if mapping.start == start:
mapping.name = filename
mapping.page_offset = offset
self.mappings = sorted(self.mappings, key=lambda m: m.start)
vvar = vdso = vsyscall = False
for mapping in reversed(self.mappings):
if mapping.name:
continue
if not vsyscall and mapping.start == 0xffffffffff600000:
mapping.name = '[vsyscall]'
vsyscall = True
continue
if mapping.start == self.at_sysinfo_ehdr \
or (not vdso and mapping.size in [0x1000, 0x2000] \
and mapping.flags == 5 \
and self.read(mapping.start, 4) == '\x7fELF'):
mapping.name = '[vdso]'
vdso = True
continue
if not vvar and mapping.size == 0x2000 and mapping.flags == 4:
mapping.name = '[vvar]'
vvar = True
continue
def _parse_nt_file(self, note):
t = tube()
t.unrecv(note.n_desc)
count = t.unpack()
page_size = t.unpack()
starts = []
addresses = {}
for i in range(count):
start = t.unpack()
end = t.unpack()
ofs = t.unpack()
starts.append(start)
for i in range(count):
filename = t.recvuntil('\x00', drop=True)
start = starts[i]
for mapping in self.mappings:
if mapping.start == start:
mapping.name = filename
self.mappings = sorted(self.mappings, key=lambda m: m.start)
vvar = vdso = vsyscall = False
for mapping in reversed(self.mappings):
if mapping.name:
continue
if not vsyscall and mapping.start == 0xffffffffff600000:
mapping.name = '[vsyscall]'
vsyscall = True
continue
if mapping.start == self.at_sysinfo_ehdr \
or (not vdso and mapping.size in [0x1000, 0x2000] \
and mapping.flags == 5 \
and self.read(mapping.start, 4) == '\x7fELF'):
mapping.name = '[vdso]'
vdso = True
continue
if not vvar and mapping.size == 0x2000 and mapping.flags == 4:
mapping.name = '[vvar]'
vvar = True
continue
